Streaming Secure Messaging

From Roaring Penguin
Jump to: navigation, search

In general you must force outbound mail into some realm and stream. It doesn't have to be associated with a particular client; in Hosted CanIt, for example, we made a special realm called outbound-container-realm and we force outbound mail into outbound-container-realm:default

Next: When CanIt sees mail forced into a stream, it assumes it's outbound mail. It uses the realm and stream of the *sender* to figure out which Secure Messaging rules to apply. So it all works as expected: If sends mail out, the rules applied will be from's stream and realm. If sends mail out, even though the actual outbound mail is in the outbound realm and stream the secure messaging rules from's realm and stream apply.

To recap: Forcing mail into a realm:stream using Known Networks is the *only* way CanIt can distinguish inbound from outbound mail and handle them correctly.